CN101395625A - Identity theft mitigation - Google Patents


Info

Publication number: CN101395625A
Application number: CNA2007800080076A
Authority: CN (China)
Prior art keywords: account, key, request, public key, authentication
Prior art date:
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: M·圣菲尔德, C·艾利森
Current assignee: Microsoft Corp
Original assignee: Microsoft Corp
Priority date:
Filing date:
Publication date:
Events: application filed by Microsoft Corp; publication of CN101395625A; legal status pending.

Classifications

Section G PHYSICS, class G06 COMPUTING; CALCULATING OR COUNTING, subclass G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR:

    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; review and approval of payers, e.g. check credit lines or negative lists (under G06Q20/00 Payment architectures, schemes or protocols; G06Q20/38 Payment protocols; details thereof)
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems (under G06Q20/00; G06Q20/08 Payment architectures)
    • G06Q20/3674 Payment architectures, schemes or protocols characterised by the use of specific devices or networks, using electronic wallets or electronic money safes, involving electronic purses or money safes, involving authentication (under G06Q20/00; G06Q20/30; G06Q20/36; G06Q20/367)
    • G06Q20/3823 Payment protocols insuring higher security of transaction, combining multiple encryption tools for a transaction (under G06Q20/00; G06Q20/38; G06Q20/382)
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing (under G06Q20/00; G06Q20/38; G06Q20/40; G06Q20/401 Transaction verification)
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance (under G06Q40/00 Finance; insurance; tax strategies; processing of corporate or income taxes)

Section H ELECTRICITY, class H04 ELECTRIC COMMUNICATION TECHNIQUE, subclass H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures (under H04L9/00; H04L9/32)
    • H04L9/3271 The same, using challenge-response (under H04L9/00; H04L9/32)
    • H04L2209/80 Wireless (under H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00)

Abstract

Public-key authentication, based on public-key cryptographic techniques, is used to authenticate a person opening an account. The person provides a declaration that only public-key authentication is to be used, together with a copy of his or her public key, to an authorized agent such as a credit bureau. The person then sends a merchant a signed request to open an account on the basis of public-key authentication. The merchant requests a credit report from the credit bureau, supplying the applicant's public key, and the credit bureau uses that public key to locate the credit report. Barring theft of the user's private key, the credit report will, with high probability, be that of the requesting user. The credit bureau can then provide the requested information to the merchant, and the merchant can notify the person whether or not the account is authorized, based on what the merchant reads in the credit report.

Description

Identity theft mitigation
Technical field
The present technical field relates generally to identity theft and in particular to alternatives to "fact-based authentication".
Background
Identity theft is becoming more and more common. Many kinds of identity theft result from an unauthorized person (an impostor) using facts about another person to open or access accounts legitimately held in that person's name. Typically these facts are identifying information such as a social security number, mother's maiden name, address, postal code, employer's name or driver's license number. The impostor need only demonstrate knowledge of these facts in order to access or open an account; knowing enough of them is sufficient to be granted access and/or to open an account. This process may be called "fact-based authentication". Attempts to prevent identity theft have focused on keeping these facts secret.
The problem with trying to prevent identity theft by keeping identifying information secret is that people other than the parties attempting to use the information for authentication already know it; it is not secret and never can be. Moreover, identifying information can usually be obtained through a variety of channels, so a determined impostor can obtain a person's identifying information without that person's knowledge.
Summary
This summary is provided to introduce, in simplified form, a selection of concepts that are further described below in the detailed description. It is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Public-key authentication as described herein mitigates identity theft. A public-key authentication system bases authentication on knowledge of the private key of a public/private key pair, rather than on knowledge of facts such as identifying information (for example social security number, mother's maiden name, address, postal code, employer's name, driver's license number, account number). Because public-key authentication is, in part, an authentication mechanism in which the secret never leaves its creator, it helps ensure that an impostor cannot open and/or access an account using another person's identity.
An exemplary embodiment is introduced below that consists of a process with two parts: (1) registration of the end user with a central credit-information repository that can be consulted by any institution extending credit to the end user, and (2) the end user opening an account with such an institution. Each of the two parts has two options, described below: (1a) the end user has no prior credit history and is a new person from the repository's point of view; (1b) the end user has a prior credit history and must authenticate himself or herself to the repository in order to convert the existing relationship into one that refuses fact-based authentication; (2a) the end user creates an account with a lending institution that has installed software and modified its business process to become part of the public-key authentication system for account creation; and (2b) the end user creates an account with a lending institution that has not installed that software and still relies on traditional fact-based authentication. Option (2b) also covers the end user's confirmation, after converting to public-key authentication, that accounts opened by fact-based authentication before the conversion are genuine and accepted by the end user.
In situation (1a) of the exemplary embodiment, for a person with no prior credit history, the person first declares to one or more central repositories, such as credit bureaus, that he or she has no credit history and refuses the use of "fact-based authentication" for all account creation in his or her name. The person also creates a key pair according to known public-key cryptographic techniques, keeps the private key secret and never needs to reveal it, and provides the declaration and the public key to another entity, for example a credit bureau. The person then registers with each of those central repositories and opens an entry. To register, the person generates a digital request to open a new database entry; the request is signed with the person's private key and sent to the entity maintaining the database (for example the credit bureau). Because the registering user has no prior credit history, there is no need to link the current registration with any previous credit history, and no need to prove that the person's identity matches the holder of that history. Any personally identifying information passed in this registration is supplied to satisfy conventional requirements, not for authentication; the request is authenticated by the public-key signature. In response to the request, the person obtains a new database entry at the repository, and that entry can be referenced by any bank or merchant with which the person may later wish to open a credit account, obtain a loan, receive a credit card and so on. The database entry corresponding to the individual is similar to a current credit-history database entry, except that it also records the person's public key. In addition, the database entry contains a secret held by both parties (communicated only to the individual): a completely random, high-entropy password that can be used if the individual's key pair is lost, damaged or stolen and the individual needs to register a new public key.
When an individual chooses to open an account with some merchant, bank or credit-card issuer (referred to below as a lender), that entity will naturally inquire into the applicant's credit history (database entry); the lender is an entity to which the individual may become indebted, and therefore an entity with which an identity thief might open an account that harms the individual. On receiving the credit report, the lender sees the usual credit-report information and also sees a notice that the individual refuses liability for any account opened by "fact-based authentication" (with specific exceptions listed in the report). The individual has instead chosen to open new accounts online through public-key-authenticated transactions. The credit report may also list the individual's public key (or its cryptographic hash). In one exemplary embodiment, whether or not the human-readable credit report lists the individual's public key, the online version obtainable from the entity holding the individual's database entry includes it.
Once the individual has chosen to open an account with a lender using public-key authentication, there are two options: (2a) open the account online, for example through a web service, or (2b) open it through a traditional pen-and-paper application.
In situation (2a), the individual runs an application (or web browser) on his or her computer, fills in the application form for the new account and digitally signs it (or authenticates an SSL connection through client authentication in the web browser), thereby proving possession of the individual's private key. The lender receives the application, consults the credit-report service, finds that the public key used by the applicant is in fact the registered individual's public key, and therefore has very high confidence that the applicant is the registered individual rather than an identity thief.
In situation (2b), the lender offers no web service or website that accepts public-key-authenticated online applications, so the applicant must fill in a paper form using standard personally identifying information (PII). If the lender accepts the form and consults the credit-report service about that person, the lender sees the notice that the identified individual refuses new accounts created by this method, subject only to the listed exceptions. If the applicant is an identity thief, the scheme fails. If the applicant is the genuine individual, that person can first contact the credit-report service online, authenticate by public key, and add to his or her database record a notation that an account will be created in the traditional PII manner with lender X during date-and-time window Y (some predetermined period). Alternatively, the individual can begin the application process with the lender, obtain an account number from the lender, and ask the lender to delay completing the application until the applicant has connected to the credit-report service and explicitly listed that new account by account number and lender name. Once the applicant has modified his or her database entry, through a public-key-authenticated transaction with the credit-report service, to include this notice, the applicant can optionally contact the lender and tell it to proceed with retrieving the credit report. In that report the lender sees the exception listed against the individual's general refusal of fact-based account opening.
For a person who wants to convert to public-key authentication but has an existing credit history under fact-based authentication, the process (situation (1b)) is described in more detail below. This person creates a key pair and registers it with the credit-reporting agency, but must prove his or her identity convincingly enough that the reporting agency believes the person is the one referred to in the existing database entry, and strongly enough to reduce identity theft from its current prevalence to an uncommon problem.
Brief description of the drawings
The foregoing summary and the following detailed description are better understood when read in conjunction with the accompanying drawings. For the purpose of illustrating identity theft mitigation, representative configurations are shown in the drawings; however, identity theft mitigation is not limited to the specific methods and means disclosed. In the drawings:
Fig. 1 is a flow diagram of an exemplary sequence of events for opening an account using public-key authentication;
Fig. 2 is a flow diagram of an exemplary process, from the user's point of view, for a new account using public-key authentication;
Fig. 3 is a flow diagram of the process for a user with an existing credit history who wants to convert to public-key authentication for all new accounts;
Fig. 4 is a flow diagram of an exemplary process for replacing a lost or stolen public key with a new one;
Fig. 5 is a depiction of an exemplary public-key authentication system; and
Fig. 6 is a schematic diagram of an exemplary processor for implementing public-key authentication.
Detailed description of illustrative embodiments
Fig. 1 is a flow diagram of an exemplary sequence of events for public-key authentication of an individual with no credit history. The user generates a key pair according to known public-key cryptographic techniques. Public-key cryptography uses a pair of keys: one is used for encryption (and for verifying signatures), the other for decryption (and for signing). Knowing the public key does not imply knowing the private key. The private key is kept secret, while the public key can be distributed widely without loss of security. At step 12, the user provides a statement, signed with the user's private key, declaring that the user is beginning a credit history, that accounts are to be created using public-key authentication, and that the user refuses liability for any account created by any other conventional method, except as explicitly stated. The user can provide this statement to any suitable entity 26, such as an authorized agent, for example a credit bureau.
A standard part of any digitally signed message is the public key used to verify the signature. After step 12, agent 26 holds the user's statement that accounts are to be created using public-key authentication, and holds the user's public key. The statement can also include a disclaimer that the user will not bear any liability for accounts opened through a fact-based authentication system.
At step 16, the user requests that a merchant (or lender) open an account. The request can be provided to any suitable entity 28, for example a merchant (a credit-card company, bank, retail store, investment firm, car dealer and so on). That is, the user can provide the public key to any entity with which the user wants to open an account. For example, the user can send the statement and public key to known credit bureaus (for example entity 26) and open accounts with as many merchants (for example entity 28) as the user wishes to do business with. The consumer can have a record entered at all credit bureaus and noted in the user's credit report: "Nobody may authenticate me by identifying information in order to open an account for me. The only acceptable authentication for opening accounts is the public key given here." The public key can be recorded in the database maintained by the credit bureau, and a hash of the public key can be listed in the printed credit report. Hash functions are well known (for example MD5 and SHA-1). A hash function computes a fixed-length output from input of any size, with the property that finding any other input producing the same output as a given input is computationally infeasible. The hash of the user's public key is therefore a unique identifier for that key, without using the space the full public key would require.
In an exemplary embodiment, the request to open an account contains the information the merchant needs to open the account and is signed with the user's private key. Because the merchant is using online account creation through public-key authentication, it can recognize that the applicant has adopted public-key account creation and avoided traditional fact-based account creation. To verify this, the credit report about the applicant can contain the notice, should the merchant be interested.
Merchant 28 verifies the request at step 18. In an exemplary embodiment, merchant 28 requests from credit bureau 26 the credit report corresponding to the user, identifying the user by the user's public key (or its hash). Credit bureau 26 uses the user's public key to index the user's database entry. At step 20, credit bureau 26 sends to merchant 28 the credit report of the user corresponding to the public key (or hash) supplied by the merchant.
On receiving the requested information, merchant 28 can decide whether to open an account for the user. At step 22, merchant 28 provides notification of the authorization status: either the account has been opened or it has been refused. For example, the user may be genuine, but the user's credit report may indicate that the user presents a high risk, in which case merchant 28 can refuse the user's request to open an account.
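The registration and account-opening exchange of steps 12 through 22, as an added example in Go (not code from the patent or from Microsoft): the user signs the declaration and the application with an Ed25519 private key from the Go standard library, the bureau indexes the entry by the SHA-256 hash of the public key, and the merchant verifies the signature and then asks the bureau for the record registered under that key. Ed25519, SHA-256 (in place of the MD5 or SHA-1 the description names, neither of which is collision-resistant any more), the message layout, the function names, the declaration wording and the fixed key seeds are all assumptions of this example. An identity thief who knows the victim's facts and public key but not the private key is shown failing both ways.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Declaration is the statement signed at registration (situation 1a).
const Declaration = "Only public-key authentication may be used to open accounts for me; " +
	"I disclaim liability for accounts opened by fact-based authentication."
// CreditRecord is a bureau entry: an ordinary credit history plus the registered key.
type CreditRecord struct {
	PubKey ed25519.PublicKey
	Notice string
}

// Bureau indexes records by hex(SHA-256(public key)), the identifier a printed
// report lists in place of the full key (SHA-256 in place of MD5/SHA-1 here).
type Bureau struct{ records map[string]*CreditRecord }
func NewBureau() *Bureau { return &Bureau{records: map[string]*CreditRecord{}} }

func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Register (step 12) creates an entry for a user with no prior credit history;
// the only authentication is the signature over Declaration, no facts are checked.
func (b *Bureau) Register(pub ed25519.PublicKey, sig []byte) (string, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(Declaration), sig) {
		return "", errors.New("bureau: declaration signature does not verify")
	}
	id := KeyID(pub)
	if _, dup := b.records[id]; dup {
		return "", errors.New("bureau: public key already registered")
	}
	b.records[id] = &CreditRecord{PubKey: pub, Notice: Declaration}
	return id, nil
}

// Report (step 20) answers the merchant's credit-report request for a public key.
func (b *Bureau) Report(pub ed25519.PublicKey) (*CreditRecord, error) {
	rec, ok := b.records[KeyID(pub)]
	if !ok {
		return nil, errors.New("bureau: no credit record registered under this public key")
	}
	if !rec.PubKey.Equal(pub) { // defence in depth against a hash collision
		return nil, errors.New("bureau: registered key differs from requested key")
	}
	return rec, nil
}

// AccountRequest (step 16) is the signed application sent to the merchant.
type AccountRequest struct {
	PubKey ed25519.PublicKey // key the applicant claims to hold
	Form   []byte            // application contents the merchant needs
	Sig    []byte            // signature over Form
}

func SignRequest(priv ed25519.PrivateKey, form []byte) AccountRequest {
	pub := priv.Public().(ed25519.PublicKey)
	return AccountRequest{PubKey: pub, Form: form, Sig: ed25519.Sign(priv, form)}
}

// MerchantVerify (step 18) checks possession of the private key, then confirms with
// the bureau that a record exists under that key: the bureau's copy is the anchor.
func MerchantVerify(b *Bureau, req AccountRequest) (*CreditRecord, error) {
	if len(req.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(req.PubKey, req.Form, req.Sig) {
		return nil, errors.New("merchant: request signature does not verify")
	}
	return b.Report(req.PubKey)
}

// DeterministicKey derives a key pair from a constructed, fixed seed so the
// example reproduces offline. Real keys must be generated from crypto/rand.
func DeterministicKey(fill byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{fill}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	bureau := NewBureau()
	alicePub, alicePriv := DeterministicKey(0x01)
	_, err := bureau.Register(alicePub, ed25519.Sign(alicePriv, []byte(Declaration)))
	fmt.Println("alice registered:", err)
	_, err = MerchantVerify(bureau, SignRequest(alicePriv, []byte("open card account")))
	fmt.Println("alice opens account:", err)
	// An identity thief knows Alice's facts and public key but not her private key.
	_, malloryPriv := DeterministicKey(0x02)
	forged := SignRequest(malloryPriv, []byte("open card account"))
	forged.PubKey = alicePub // claims Alice's key; the signature cannot match it
	_, err = MerchantVerify(bureau, forged)
	fmt.Println("mallory claiming alice's key:", err)
}
```

The check that matters is the bureau lookup. A signed request proves only that the sender holds some private key matching the key it carries, so the merchant must fetch the registered key from the bureau rather than trust the key in the application; a thief using a fresh key pair produces a valid signature but finds no credit record behind it.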
Fig. 2 is a flow diagram, from the point of view of a user with no prior credit history, of an exemplary process for public-key authentication of a first account. At step 30, the user creates the key pair used in the process (and optionally backs it up carefully so that it cannot be lost). At step 32, the user declares the start of a credit history and the intention to use only public-key authentication when opening accounts. In response to the creation of this new credit history, the user may receive from each credit bureau or other agency a secret password to be used if the user ever needs to replace the registered public key. The passwords from all of these credit bureaus or agencies are backed up securely so that (1) the user can always obtain a copy of them and (2) no potential identity thief can obtain any copy. Any suitable backup and recovery method can be used.
At step 36, the user requests that an entity such as a merchant open an account. As described above, the request contains the signed information the merchant needs to open the account, together with the user's public key that the merchant needs to verify the signature on the request. At step 40, the user receives notification of the account authorization status (for example, the request to open the account was granted, or the request was refused).
In an exemplary embodiment, the process described for Fig. 1 is not used if the user has an existing credit history; that process would give an identity thief a relatively easy way to steal someone's good credit history, and the victim would be easily harmed. For a user with an existing credit history, and in other cases where a new user must be securely authenticated by conventional means (for example, if the law requires that everyone with a credit history be identified by address or other PII), the process described for Fig. 3 is used. The user declares (at step 42) the intention to use public-key authentication for all new accounts. This notification process is similar to the one described for step 12 of Fig. 1. Because a change to this credit record also requires in-person authentication, the request is considered complete only after step 46. To complete the process, the user's computer prints a form containing the user's public key (or its hash) and the traditional PII used to identify the user (and to authenticate him or her by fact-based authentication). At step 44, the user takes the form to an entity that can verify personal identity (such as a bank or post office), where the user's identity is verified. The identity-verifying entity can also create an audit record of the event, adding a photograph of the user, fingerprints taken from the user and the like.
Once ID verifier 24 is satisfied with the user's identity as stated on the printed form, the user signs that part of the form in front of the ID verifier. ID verifier 24 can notarize the form and sign it to confirm the user's identity. The ID verifier then sends the paper form (for example by mail) to agency (or credit bureau) 26. On receiving this verification of physical identity, the agency (or credit bureau) matches the user to that person's credit history, matches the public key on the physically verified report to the key of the original signed change request, and then carries out the requested change. Once the account has been changed, at step 48 the user is digitally notified of the change. During this transaction the user receives, and backs up appropriately, the secret password of the relevant credit bureau or agency, for use when later replacing the user's public key. When the change of the user's credit-history status has completed successfully, the user may be prompted to specifically approve all existing accounts, or may voluntarily designate one or more existing or new accounts for specific approval (step 50). This is how the user can, using public-key authentication, approve accounts created before the user converted to public-key authentication, or accounts created after the conversion at merchants that still cannot use public-key authentication to create accounts.
Fig. 4 describes the process by which a user replaces the public key registered with agency or credit bureau 26 when the registered key has been lost or stolen. A key may be lost if the user's computer is damaged or fails, if the computer's hard disk is wiped, or for various other reasons. If the private key is stored insecurely it may be stolen, and the theft may be discovered through an account successfully created by the thief; that account will need to be deleted and the stolen private key replaced. At step 56, the user generates a new key pair to replace the lost or compromised one. At step 58, the user recovers from backup storage the secret, high-entropy password that the credit bureau or other agency returned to the user in response to account creation. At step 60, the user's computer connects to each agency and sends a public-key change message containing the old public key, as identifier, and the new public key. The message is signed with a standard symmetric-key signature algorithm (for example HMAC-SHA1) using the high-entropy password as the key. In response to each such message, the agency returns a response indicating whether the request succeeded or failed. A request may fail, for example, because of an incorrect message format, content or signature.
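The key-replacement message of step 60, as an added example in Go (not code from the patent or from Microsoft): the user recovers the high-entropy secret from backup, tags a message carrying the old and new public keys with HMAC-SHA1 under that secret, and the agency recomputes the tag with its stored copy before swapping the keys. The registry structure, the length-prefixed message encoding, the 32-byte secret size, the function names and the placeholder key bytes are assumptions of this example; the keys are opaque byte strings here because the mechanism does not depend on which signature scheme they belong to.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// entry is what the agency keeps per user for key replacement: the registered
// public key and the high-entropy recovery secret issued at registration.
type entry struct {
	PubKey []byte
	Secret []byte
}

// Registry indexes entries by hex(SHA-256(public key)), as the credit report does.
type Registry struct{ entries map[string]*entry }
func NewRegistry() *Registry { return &Registry{entries: map[string]*entry{}} }

func keyID(pub []byte) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Enroll registers a key and issues the user a 32-byte random recovery secret,
// the "completely random, high-entropy password" the user backs up offline.
func (r *Registry) Enroll(pub []byte) ([]byte, error) {
	if _, dup := r.entries[keyID(pub)]; dup {
		return nil, errors.New("registry: public key already registered")
	}
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	r.entries[keyID(pub)] = &entry{PubKey: pub, Secret: secret}
	return secret, nil
}

func (r *Registry) Registered(pub []byte) bool { _, ok := r.entries[keyID(pub)]; return ok }

// KeyChange is the step-60 message: old key as identifier, new key, and the tag.
type KeyChange struct{ OldPub, NewPub, Tag []byte }

// changeBody is the length-prefixed encoding the HMAC covers, so the boundary
// between old and new key cannot be shifted without invalidating the tag.
func changeBody(oldPub, newPub []byte) []byte {
	body := []byte("pubkey-change/v1")
	for _, k := range [][]byte{oldPub, newPub} {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(k)))
		body = append(body, n[:]...)
		body = append(body, k...)
	}
	return body
}

// NewKeyChange is built on the user's side with the secret recovered from backup.
func NewKeyChange(secret, oldPub, newPub []byte) KeyChange {
	mac := hmac.New(sha1.New, secret)
	mac.Write(changeBody(oldPub, newPub))
	return KeyChange{OldPub: oldPub, NewPub: newPub, Tag: mac.Sum(nil)}
}

// Apply is the agency's side: find the entry by the old key, recompute the tag
// under the stored secret, compare in constant time, then swap in the new key.
func (r *Registry) Apply(msg KeyChange) error {
	e, ok := r.entries[keyID(msg.OldPub)]
	if !ok {
		return errors.New("registry: old public key is not registered")
	}
	mac := hmac.New(sha1.New, e.Secret)
	mac.Write(changeBody(msg.OldPub, msg.NewPub))
	if !hmac.Equal(mac.Sum(nil), msg.Tag) {
		return errors.New("registry: tag does not verify (wrong secret or altered message)")
	}
	if len(msg.NewPub) == 0 {
		return errors.New("registry: empty replacement key")
	}
	if _, dup := r.entries[keyID(msg.NewPub)]; dup {
		return errors.New("registry: replacement key already registered")
	}
	delete(r.entries, keyID(msg.OldPub))
	e.PubKey = msg.NewPub
	r.entries[keyID(msg.NewPub)] = e
	return nil
}

func main() {
	r := NewRegistry()
	oldPub, newPub := []byte("constructed-old-key"), []byte("constructed-new-key") // placeholder key bytes
	secret, _ := r.Enroll(oldPub)
	msg := NewKeyChange(secret, oldPub, newPub)
	fmt.Println("genuine change:", r.Apply(msg), "| replay of same message:", r.Apply(msg))
	thief := NewKeyChange([]byte("guessed"), newPub, []byte("attacker-key"))
	fmt.Println("thief without the secret:", r.Apply(thief))
}
```

HMAC-SHA1 remains a sound message authentication code, since HMAC does not rely on the collision resistance of its hash, but HMAC-SHA256 is the usual choice today. The description does not say what becomes of the secret after a successful change; because one secret authorises every later replacement, issuing a fresh secret with each change limits the damage if a backup copy is ever exposed.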
Fig. 5 is to use authentication public key to realize the description of an example system of account creation.This system comprises user processor 74, agent processor 76 and merchant processor 78.In the processor 74,76 and 78 each can comprise any suitable processor.Suitable example processor comprises general processor, application specific processor, desk-top computer, laptop computer, PDA(Personal Digital Assistant), handheld computer, smart phone, processor-server, client processor or its combination.In the processor 74,76 and 78 each is available to be realized such as single processors such as computing machine or a plurality of processor.A plurality of processors can be distributed or concentrated location.A plurality of processors can be wirelessly, make up by hardwired or by it and communicate.Each processor 74,76 and each part of 78 can realize by a plurality of distributed processors, node and/or database.Processor 74,76 be used for communicating with 78 so that the interface of communicating by letter betwixt can comprise such as any appropriate interface such as wave point, wireline interface or its combinations.Can utilize in the various communication protocols that comprise public and proprietary protocol any.The example of agreement comprises TCP/IP, IPX/SPX and NetBEUI.Communication between the processor 74,76,78 can be passed through one or more networks.Each network can include spider lines or directly line connection.Network can comprise public part (for example, the Internet) and private sector (for example, the dwelling house Local Area Network), or its combination.Network can use and comprise wired and such as any or multiple realization the in the various general communication media of wireless mediums such as acoustics, RF, infrared and other wireless medium.
In an exemplary embodiment, the user processor 74, agent processor 76 and merchant processor 78 may be used to carry out the functions described above that are associated with the user, the agency and the merchant, respectively. For example, the user processor 74 generates the key pair. The user processor 74 provides the public key to the appropriate entity (or entities). The user processor 74 sends the request to establish the account to an entity. The user processor 74 sends the disclaimer stating that the user will not be responsible for any transaction on an account opened on the basis of fact-based authentication. And the user processor 74 receives the notification of the authorization status of the account. Also, as described above, the agent processor 76 and the merchant processor 78 may be parts of a single entity and, in an exemplary embodiment, constitute a single processor.
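The account-creation flow above, together with the time-limited standby-account exception of claim 7, as an added example in Go rather than code from the patent. It uses Ed25519 signatures because the patent names no signature algorithm; the bureau registry, the person identifier, the domain-prefixed message layouts and the generated sample keys are assumptions made for this example. The merchant's check against the bureau is modelled as a direct lookup; in the described system it is a message from the merchant processor to the agent processor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// bureau is the first entity (the credit bureau or agency). It records, per
// person, the statement that the person uses public key authentication, in
// the form of the public key registered for them. The person identifier is
// a placeholder for whatever identifying information the bureau holds.
type bureau struct {
	keys map[string]ed25519.PublicKey
}

func newBureau() *bureau { return &bureau{keys: map[string]ed25519.PublicKey{}} }

// register stores the statement and the public key (claim 1, first entity).
func (b *bureau) register(person string, pub ed25519.PublicKey) { b.keys[person] = pub }

// accountRequest is what the user sends to the merchant (second entity): the
// person identifier, the public key, and a signature over both made with the
// private key (claim 2: the public key itself is signed).
type accountRequest struct {
	person string
	pub    ed25519.PublicKey
	sig    []byte
}

// requestBytes fixes the bytes that are signed; the domain prefix keeps an
// account-request signature from being reused as some other message.
func requestBytes(person string, pub ed25519.PublicKey) []byte {
	return append([]byte("account-request:"+person+":"), pub...)
}

func userRequest(person string, priv ed25519.PrivateKey) accountRequest {
	pub := priv.Public().(ed25519.PublicKey)
	return accountRequest{person, pub, ed25519.Sign(priv, requestBytes(person, pub))}
}

// merchantAuthorize is the merchant side: it asks the bureau for the key on
// file for this person, refuses if none is registered or it differs from the
// offered key, and otherwise checks the signature. true = authorized.
func merchantAuthorize(b *bureau, r accountRequest) bool {
	onFile, ok := b.keys[r.person]
	if !ok || !onFile.Equal(r.pub) {
		return false // no public key authentication on file, or key mismatch
	}
	return ed25519.Verify(onFile, requestBytes(r.person, r.pub), r.sig)
}

// exception is the signed permission of claim 7: the key holder allows a
// standby account to be opened on identification information alone, but
// only until `until`.
type exception struct {
	person string
	until  time.Time
	sig    []byte
}

func exceptionBytes(person string, until time.Time) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(until.Unix()))
	return append([]byte("standby-exception:"+person+":"), buf...)
}

func userException(person string, priv ed25519.PrivateKey, until time.Time) exception {
	return exception{person, until, ed25519.Sign(priv, exceptionBytes(person, until))}
}

// authorizeStandby accepts a standby-account request only inside the window
// and only if the exception was signed by the registered key. The expiry is
// part of the signed bytes, so it cannot be extended without the private key.
func authorizeStandby(b *bureau, e exception, now time.Time) bool {
	pub, ok := b.keys[e.person]
	if !ok || !now.Before(e.until) {
		return false // unknown person, or the predetermined period has passed
	}
	return ed25519.Verify(pub, exceptionBytes(e.person, e.until), e.sig)
}

func main() {
	b := newBureau()
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample keys
	b.register("alice", alicePub)

	fmt.Println("alice authorized:", merchantAuthorize(b, userRequest("alice", alicePriv))) // true
	_, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("thief authorized:", merchantAuthorize(b, userRequest("alice", thiefPriv))) // false

	now := time.Now()
	ex := userException("alice", alicePriv, now.Add(24*time.Hour))
	fmt.Println("standby now:", authorizeStandby(b, ex, now))                     // true
	fmt.Println("standby later:", authorizeStandby(b, ex, now.Add(48*time.Hour))) // false
}
```

The thief's request fails on the key comparison before any signature is checked: knowing the victim's identifying information is not enough once the bureau has a key on file, which is the whole point of the scheme.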
Fig. 6 is a diagram of an example processor 80 for implementing public key authentication. Processor 80 is representative of each of user processor 74, agent processor 76 and merchant processor 78. Processor 80 includes a processing portion 82, a memory portion 84 and an input/output portion 90. The processing portion 82, memory portion 84 and input/output portion 90 are coupled together (coupling not shown in Fig. 1) to allow communication between them. The processing portion 82 can generate public key cryptographic keys as described above. The processing portion 82 can also sign (encrypt) information, for example the public key or optional information, with the private key. The memory portion 84 can store parameters such as the private key, the public key and any other information described above.
The input/output portion 90 can provide and/or receive the items described above that are used to implement public key authentication. The input/output portion 90 can provide and/or receive the statement that the public key authentication system is being adopted. It can provide and/or receive the public key. It can provide and/or receive the request to establish an account based on public key authentication. It can provide and/or receive the notification that the account is or is not authorized. It can provide and/or receive the disclaimer of responsibility for transactions carried out on the basis of fact-based authentication. And the input/output portion 90 can provide and/or receive the signed public key.
Processor 80 can be implemented as a client processor and/or a server processor. In a basic configuration, processor 80 can include at least one processing portion 82 and memory portion 84. Depending on the exact configuration and type of processor, the memory portion 84 can be volatile (such as RAM) 86, non-volatile (such as ROM, flash memory, etc.) 88, or a combination thereof. Processor 80 can have additional features/functionality. For example, processor 80 can include additional storage (removable storage 92 and/or non-removable storage 94), including but not limited to magnetic or optical disks, tape, flash memory, smart cards or a combination thereof. Computer storage media such as memory portions 84, 86, 88, 92 and 94 include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, universal serial bus (USB) compatible memory, smart cards, or any other medium which can be used to store the desired information and which can be accessed by processor 80. Any such computer storage media can be part of processor 80.
Processor 80 can also contain a communications connection 100 that allows processor 80 to communicate with other devices. Communications connection 100 is an example of communication media. Communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency, infrared and other wireless media. The term computer-readable media as used herein includes both storage media and communication media. Processor 80 can also have input devices 98 such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output devices 96 such as a display, speakers, printer, etc. can also be included.
The various techniques described herein can be implemented in hardware or software or, where appropriate, a combination of both. Thus, the methods and apparatus for public key authentication, or certain aspects or portions thereof, can take the form of program code (that is, instructions) embodied in tangible media such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine such as a computer, the machine becomes an apparatus for implementing public key authentication. In the case of program code execution on programmable computers, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. The program can be implemented in assembly or machine language, if desired. In any case, the language can be a compiled or interpreted language, and combined with hardware implementations.
The methods and apparatus for implementing public key authentication can also be practiced via communications embodied in the form of program code that is transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via any other form of transmission, wherein, when the program code is received and loaded into and executed by a machine such as an EPROM, a gate array, a programmable logic device (PLD), a client computer, or the like, the machine becomes an apparatus for implementing public key authentication. When implemented on a general-purpose processor, the program code combines with the processor to provide a unique apparatus that operates to invoke the functionality of public key authentication. Additionally, any storage techniques used in connection with public key authentication can invariably be a combination of hardware and software.
While public key authentication has been described in connection with the exemplary embodiments of the various figures, it is to be understood that other similar embodiments can be used, or modifications and additions can be made to the described embodiments, for performing the same function of public key authentication without deviating therefrom. Therefore, public key authentication as described herein should not be limited to any single embodiment, but rather should be construed in breadth and scope in accordance with the appended claims.

Claims (17)

1. An authentication method, the method comprising:
providing a statement that public key authentication is adopted for creating a user account;
providing a public key of a public key-private key pair;
requesting that an account be established based on said public key authentication, wherein at least a portion of said request is signed with the private key of said key pair;
receiving a notification of one of: said account has been authorized, and said account has not been authorized; and
providing a disclaimer of responsibility for transactions carried out on the basis of fact-based authentication.
2. The method of claim 1, wherein the act of requesting comprises providing said public key signed with said private key.
3. The method of claim 1, wherein:
said statement and said public key are provided to a first entity; and
the act of requesting is performed to establish the account with a second entity.
4. The method of claim 3, wherein:
said first entity comprises a credit bureau; and
said second entity comprises a merchant.
5. The method of claim 1, further comprising in-person authentication of a requestor requesting establishment of said account.
6. An authentication method, the method comprising:
receiving a statement that public key authentication is adopted;
receiving a public key of a public key-private key pair;
receiving a request to establish an account based on said public key authentication, wherein at least a portion of said request is signed with the private key of said key pair;
determining the authenticity of said request;
providing a notification of one of: said account has been authorized, and said account has not been authorized; and
receiving a disclaimer of responsibility for transactions carried out on the basis of fact-based authentication.
7. The method of claim 6, further comprising:
receiving a request to establish a standby account based on identification information;
receiving an exception request authenticated by said key pair, wherein said exception request comprises permission to establish said standby account, and wherein the permission to establish said standby account is limited to a predetermined period of time;
verifying, using said key pair, the authenticity of said request to establish said standby account and of said authenticated exception request; and
providing a notification of one of: said standby account has been authorized, and said standby account has not been authorized.
8. The method of claim 6, wherein said request to establish an account comprises providing said public key signed with said private key.
9. The method of claim 6, wherein:
said statement and said public key are received by a first entity; and
said request to establish said account is directed to a second entity.
10. The method of claim 9, wherein:
said first entity comprises a credit bureau; and
said second entity comprises a merchant.
11. The method of claim 6, further comprising in-person authentication of a requestor requesting establishment of said account.
12. An authentication system, the system comprising:
a processor portion for:
generating a public key-private key pair comprising a public key and a private key;
a memory portion for storing said public key and said private key; and
an input/output portion for:
providing a statement that public key authentication is adopted for creating a user account;
providing said public key of the public key-private key pair;
providing a request, signed with the private key of said key pair, to establish an account based on said public key authentication;
receiving a notification of one of: said account has been authorized, and said account has not been authorized; and
providing a disclaimer of responsibility for transactions carried out on the basis of fact-based authentication.
13. The system of claim 12, wherein:
said processor portion signs said public key with said private key; and
said request to establish an account based on said public key authentication comprises a signed request that includes said public key.
14. The system of claim 12, wherein:
said input/output portion provides said statement and said public key to a first entity; and
said input/output portion provides the request to establish an account based on said public key authentication to a second entity.
15. The system of claim 14, wherein said first entity comprises a credit bureau.
16. The system of claim 14, wherein said second entity comprises a merchant.
17. The system of claim 12, wherein said memory portion comprises at least one of hard disk memory, flash memory, portable memory, universal serial bus (USB) compatible memory and smart card memory.
CNA2007800080076A 2006-01-30 2007-01-18 Identity theft mitigation Pending CN101395625A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/342,447 US20070179903A1 (en) 2006-01-30 2006-01-30 Identity theft mitigation
US11/342,447 2006-01-30

Publications (1)

Publication Number Publication Date
CN101395625A true CN101395625A (en) 2009-03-25

Family

ID=38323287

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007800080076A Pending CN101395625A (en) 2006-01-30 2007-01-18 Identity theft mitigation

Country Status (4)

Country Link
US (1) US20070179903A1 (en)
KR (1) KR20080096757A (en)
CN (1) CN101395625A (en)
WO (1) WO2007089439A1 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8359278B2 (en) 2006-10-25 2013-01-22 IndentityTruth, Inc. Identity protection
US10430604B2 (en) * 2008-02-05 2019-10-01 Equifax Inc. Systems and methods for securing data in electronic communications
US9800413B2 (en) * 2008-08-15 2017-10-24 Gm Global Technology Operations, Inc. System and method for performing an asymmetric key exchange between a vehicle and a remote device
US20100049683A1 (en) * 2008-08-22 2010-02-25 Carter Stephen R Collaborative debating techniques
US9652802B1 (en) 2010-03-24 2017-05-16 Consumerinfo.Com, Inc. Indirect monitoring and reporting of a user's credit data
EP2676197B1 (en) 2011-02-18 2018-11-28 CSidentity Corporation System and methods for identifying compromised personally identifiable information on the internet
US8819793B2 (en) 2011-09-20 2014-08-26 Csidentity Corporation Systems and methods for secure and efficient enrollment into a federation which utilizes a biometric repository
US11030562B1 (en) 2011-10-31 2021-06-08 Consumerinfo.Com, Inc. Pre-data breach monitoring
US8812387B1 (en) 2013-03-14 2014-08-19 Csidentity Corporation System and method for identifying related credit inquiries
US20150142647A1 (en) * 2013-11-20 2015-05-21 Bank Of America Corporation Consumer Bill-Pay
US10339527B1 (en) 2014-10-31 2019-07-02 Experian Information Solutions, Inc. System and architecture for electronic fraud detection
US11151468B1 (en) 2015-07-02 2021-10-19 Experian Information Solutions, Inc. Behavior analysis using distributed representations of event data
US9565020B1 (en) * 2016-02-02 2017-02-07 International Business Machines Corporation System and method for generating a server-assisted strong password from a weak secret
US10699028B1 (en) 2017-09-28 2020-06-30 Csidentity Corporation Identity security architecture systems and methods
US10896472B1 (en) 2017-11-14 2021-01-19 Csidentity Corporation Security and identity verification system and architecture
WO2020006425A1 (en) * 2018-06-28 2020-01-02 Coinbase, Inc. Wallet recovery method

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2603043B1 (en) * 1986-08-19 1988-11-10 Petrel Sarl SECURITY MARKING, MATERIALS PROVIDED WITH SECURITY MARKS, APPARATUS FOR REVEALING THE SECURITY MARK
DK0739560T3 (en) * 1994-01-13 2001-10-01 Certco Inc Cryptographic system and method with key deposit function
US5619571A (en) * 1995-06-01 1997-04-08 Sandstrom; Brent B. Method for securely storing electronic records
US5689566A (en) * 1995-10-24 1997-11-18 Nguyen; Minhtam C. Network with secure communications sessions
US5638448A (en) * 1995-10-24 1997-06-10 Nguyen; Minhtam C. Network with secure communications sessions
US6272535B1 (en) * 1996-01-31 2001-08-07 Canon Kabushiki Kaisha System for enabling access to a body of information based on a credit value, and system for allocating fees
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US6233565B1 (en) * 1998-02-13 2001-05-15 Saranac Software, Inc. Methods and apparatus for internet based financial transactions with evidence of payment
US6947908B1 (en) * 1998-08-27 2005-09-20 Citibank, N.A. System and use for correspondent banking
US7047416B2 (en) * 1998-11-09 2006-05-16 First Data Corporation Account-based digital signature (ABDS) system
US6820202B1 (en) * 1998-11-09 2004-11-16 First Data Corporation Account authority digital signature (AADS) system
US7742967B1 (en) * 1999-10-01 2010-06-22 Cardinalcommerce Corporation Secure and efficient payment processing system
AU1960101A (en) * 1999-12-29 2001-07-16 Paymap, Inc. Method and apparatus for mapping sources and uses of consumer funds
AU2001236812A1 (en) * 2000-02-09 2001-08-20 Internetcash.Com Method and system for making anonymous electronic payments on the world wide web
US6779115B1 (en) * 2000-02-18 2004-08-17 Digital5, Inc. Portable device using a smart card to receive and decrypt digital data
US20020046065A1 (en) * 2000-06-15 2002-04-18 Nighan Robert J. Method and system for insuring against loss in connection with an online financial transaction
CA2417901C (en) * 2000-08-04 2013-01-22 First Data Corporation Entity authentication in electronic communications by providing verification status of device
US7096354B2 (en) * 2000-08-04 2006-08-22 First Data Corporation Central key authority database in an ABDS system
US6978369B2 (en) * 2000-08-04 2005-12-20 First Data Corporation Person-centric account-based digital signature system
US7689832B2 (en) * 2000-09-11 2010-03-30 Sentrycom Ltd. Biometric-based system and method for enabling authentication of electronic messages sent over a network
US20030105887A1 (en) * 2001-12-03 2003-06-05 Cox Burke David Method and system for integration of software applications
US6865559B2 (en) * 2000-12-07 2005-03-08 International Business Machines Corporation Method and system in electronic commerce for inspection-service-based release of escrowed payments
US20020152086A1 (en) * 2001-02-15 2002-10-17 Smith Ned M. Method and apparatus for controlling a lifecycle of an electronic contract
US20030037261A1 (en) * 2001-03-26 2003-02-20 Ilumin Corporation Secured content delivery system and method
US7003497B2 (en) * 2001-05-23 2006-02-21 International Business Machines Corporation System and method for confirming electronic transactions
US20040199469A1 (en) * 2003-03-21 2004-10-07 Barillova Katrina A. Biometric transaction system and method
US7275159B2 (en) * 2003-08-11 2007-09-25 Ricoh Company, Ltd. Multimedia output device having embedded encryption functionality
US9542671B2 (en) * 2004-05-12 2017-01-10 Paypal, Inc. Method and system to facilitate securely processing a payment for an online transaction

Also Published As

Publication number Publication date
KR20080096757A (en) 2008-11-03
US20070179903A1 (en) 2007-08-02
WO2007089439A1 (en) 2007-08-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090325